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ABSTRACT 


The  Program  Manager' s  role  in  the  acquisition  of  new 
weapon  systems  encompasses  many  disciplines,  some  of  which 
he  may  have  little,  if  any,  training  or  experience  in 
handling.  One  of  these  areas,  which  until  recent  years  has 
received  little  attention,  is  System  Safety  Engineering. 
This  thesis  is  an  attempt,  in  handbook  form,  to  introduce 
the  Program  Manager  to  the  System  Safety  Process  and 
provide  basic  guidance  in  the  application  of  MIL  STD  882B, 
the  governing  Department  of  Defense  directive  on  system 
safety  program  requirements. 
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I.  INTRODUCTION 


Safety  has  always  been  a  consideration  in  the  systems 
acquisi tion/procurement  and  design  process,  however  its 
primary  emphasis  has  been  centered  on  the  operational  phase 
of  the  system's  life  cycle.  With  the  ever  increasing  cost 
of  retrofiting  or  replacing  operational  weapon  systems,  it 
became  evident  that  safety  had  to  enter  the  design  and 
procurement  process  at  the  earliest  point  possible  and  be 
an  active  consideration  throughout  the  system’s  life  cycle. 
To  accomplish  this  increased  safety  consciousness.  System 
Safety  Engineering,  or  simply  System  Safety,  was  brought 
into  the  process. 

'  System  Safety  is  defined  in  Military  Standard  BB2B 
CRef.  11  as  "the  application  of  engineering  and  management 
principles,  criteria,  and  techniques  to  optimize  safety 
within  the  constraints  of  operational  effectiveness,  time, 
and  cost  throughout  all  phases  of  the  system  life  cycle." 
The  primary  function  of  System  Safety  is  the  early  iden¬ 
tification  and  classification  of  hazards  so  that  action  may 
be  taken  to  correct  the  hazards  prior  to  reaching  final 
design  decisions^  The  earlier  an  unacceptable  hazard  is 

Y 

identified  and  eliminated,  the  less  the  negative  impact  on 
a  project  and  the  less  the  likelihood  of  a  costly  retrofit. 

The  person  having  the  ultimate  responsibility  for  the 
implementation  of  a  system  safety  program  for  new 
acqui si sti ons  is  the  Program  Manager.  Though  most  Program 


Managers  havi  bean  carefully  mcreened  and  have  had  training 
in  acquisition  management,  one  area  of  unfamiliarity  and 
weakness  is  often  that  of  implementing  MIL  STD  882B  and 
maintaining  an  effective  system  safety  effort. 

It  is  the  objective  of  this  thesis  to  assist  the 
Program  Manager  in  his  duties  involving  system  safety 
management  by  providing  a  usable  handbook  to  introduce  him 
to  the  principles  of  system  safety  and  then  to  provide 
practical  guidance  for  the  impl imentation  of  MIL  STD  882B. 
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II.  BACKGROUND 


Prior  to  the  adoption  of  System  Safety  as  a  formal 
discipline,  safety  was  an  ad  hoc  methodology,  with  little 
effort  being  made  to  actually  design  safety  into  the 
systems.  Once  operational,  a  "fly-it,  fix-it,  fly-it" 
approach  was  taken.  Hazards  which  were  identified  during 
operational  use  were  either  judged  to  be  of  low  risk  or 
fixed  by  retrofit.  In  either  case,  weight  and/or  cost 
penalties  were  considered  acceptable.  Due  to  the  relative 
inexpensiveness  of  the  systems  and  the  abundance  of  raw 
materials,  it  simply  was  not  cost  effective  to  make  System 
Safety  a  major  design  factor. 

Due  to  the  ever  increasing  complexity  of  new  systems 
and  skyrocketing  cost  of  production  which  accompanied 
modern  technology,  System  Safety  gradually  evolved  into 
what  it  is  today.  It  was  no  longer  feasible  to  wait  for 
hazards  to  appear  in  the  operational  phase  since  system 
replacement  and  retrofit  costs  had  grown  astronomically. 
It  became  apparent  that  if  safety  was  designed  into 
systems,  life  cycle  cost  could  be  reduced  and  system 
reliablity  increased.  With  this  realization  came  a 
multitude  of  instructions  and  directives  from  every 
direction  and  it  was  soon  evident  that  a  standardized 
approach  to  system  safety  was  required  for  all  the 
services.  To  this  end,  MIL  STD  882  and  its  subsequent 
revisions  were  written. 
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MIL  STD  882B,  currently  in  effect,  provides  "uniform 
requirements  for  developing  and  implementing  a  system 
safety  program  of  sufficient  comprehensiveness  to  identify 
the  hazards  to  a  system  and  to  impose  design  requirements 
and  management  controls  to  prevent  mishaps  by  eliminating 
hazards  or  reducing  associated  risk  to  a  level  acceptable 
to  the  managing  activity  <MA) . "  CRef.  13  This  standard 
provides  specific  system  safety  tasks  for  both  management 
and  engineering  which  may  be  imposed  on  all  applicable  DOD 
acquisitions.  The  key  individual  in  this  process  is  the 
Program  Manager,  for  it  is  he  who  serves  as  the  MA  and 
decides  which  tasks  are  appropriate  for  the  program  under 
his  control.  This  selection  or  tailoring  of  tasks  to  fit 
the  program  is  the  first,  the  most  difficult,  and  the  most 
important  step  in  the  implementation  of  MIL  STD  882B.  Once 
accomplished,  the  Program  Manager’s  primary  system  safety 
functions  are  to  monitor  and  assist  the  efforts  of  the 
contractor  in  adhering  to  the  establish  System  Safety  Plan. 
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perf ormanca  of  a  Preliminary  Hazard  Analysis  <PHA)  and 
associated  review/design  decision  processes  and 
documentation. 

The  safety  activities  for  the  program  involve  getting 
the  system  safety  effort  rolling  in  such  a  manner  that  it 
will  continue  throughout  the  life  cycle.  The  earlier  the 
program  is  put  into  effect,  the  more  effective  it  will  be. 
The  primary  item  here  is  the  development  of  the  System 
Safety  Program  Plan  <SSPP) .  The  SSPP  is  normally  written 
by  the  contractor  but  for  smaller  programs  it  may  be 
written  by  the  HA  to  reduce  expenses.  While  the  SSPP 
should  address  the  entire  life  cycle,  its  primary  emphasis 
may  be  focused  on  this  phase  since  a  review  and  update  of 
the  S8PP  is  essential  to  each  phase.  It  is  also  essential 
that  the  System  Safety  Working  Group  be  established  and 
take  an  active  part  in  the  review  of  design  proposals  and 
of  the  PHA. 

M.  DEMONSTRATION /VALIDATION  PHASE 

The  safety  objectives  of  this  phase  are,  as  the  name 
indicates,  to  demonstrate  and  validate  that  the  designs  of 
the  conceptual  phase  meet  the  desired  specifications  while 
maintaining  a  satisfactory  level  of  system  safety.  The 
first  step  in  accomplishing  this  goal  is  the  review/update 
of  the  S8PP  by  the  MA.  This  is  done  to  ensure  that  an 
integrated  system  safety  effort  is  provided,  since  it  is  in 


(Figures  1  and  2  of  Appendix  A  to  MIL  STD  882B  provide  two 
samples  of  matrices)  to  provide  qualitative  prioritization 
factors. 

One  note  of  caution  when  performing  risk  assessment  on 
projects  that  were  contracted  when  MIL  STD  882  was 
effective.  Under  882,  the  hazard  severity  description  and 
category  numbers  where  reversed  (catastrophic  was  category 
IV).  Contracts  under  882A  agree  with  882B. 

K.  MIL  STD  882B  AND  THE  LIFE  CYCLE  PROCESS 

As  stated  previously,  the  system  safety  effort  is  to 
extend  through  all  phases  of  the  life  cycle  process,  and  it 
is  important  to  be  familiar  with  the  safety  requirements  of 
each  of  these  phases.  Accordingly,  a  summary  of  the 
primary  system  safety  aspects  of  each  phase  is  provided. 

L.  CONCEPTUAL /DEVELOPMENT  PHASE 

In  this  phase,  the  system  safety  activities  are  divided 
into  two  primary  functions — one  for  the  system  and  one  for 
the  program.  For  the  system,  a  determination  of  the  state 
of  safety  and  the  requirements  for  safety  for  the  various 
alternatives  under  consideration  must  be  made.  It  is  this 
determination  that  will  ultimately  provide  the  grounds  for 
design  decisions.  Key  elements  in  this  area  are  a  thorough 
delineation  of  the  operational  and  support  requirements  of 
the  system,  a  review  of  applicable  "Lessons  Learned",  the 


(4)  The  precedence  for  the  handling  of  identified  hazards 
begins  with  the  elimination  or  reduction  to  a  level 
acceptable  to  the  MA  through  design  changes.  If 
this  is  not  possible,  appropriate  safety  devices  are 
to  be  incorporated.  Next  in  precedence  is  the 
incorporation  of  hazard  detection  and  warning 
devices  to  warn  personnel  of  the  hazard.  If  all  the 
above  are  impractical,  procedures  and  training  shall 
be  used  to  reduce  the  risk.  However,  "without 
specific  waiver,  no  warning,  caution,  or  other 
written  advisory  shall  be  used  as  the  only  risk 
reduction  method  for  a  Category  I  or  II  hazard...." 


J.  RISK  ASSESSMENT 

Effective  implementation  of  a  system  safety  program 
requires  proper  assessment  of  the  risk  associated  with  any 
identified  hazard.  Once  this  has  been  accomplished, 
hazards  may  be  prioritized  in  order  that  the  potential  risk 
and  the  costs  to  reduce  that  risk  may  we  properly  weighed 
and  design  decision  made.  To  perform  this  priori tization, 
it  is  necessary  to  consider  both  hazard  severity  and  hazard 
probabi 1 i ty . 

Hazard  severity  primarily  concerns  the  magnitude  or 
criticality  (category  I  is  catastrophic,  II  is  critical, 
etc.)  to  personnel  safety  or  the  successful  mission 
accomplishment  and  is  qualitative  in  nature.  Hazard 
probability,  however,  is  a  measure  of  the  likelihood  of 
occurrence  of  an  event  and  though  usually  associated  with  a 
quantifiable  number,  is  often  categorized  qualitatively 
(frequent,  occassional,  etc.).  Though  prioritization  may 
be  simply  a  subjective  evaluation  of  the  above,  it  is 
usually  advantageous  to  utilize  a  risk  assessment  matrix 
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beyond  and  provides  task  elements  -for  both  management  and 


engineering/design.  These  tasks  are  to  be  tailored  by  the 
MA  to  establish  a  safety  program  which  meets  the  specific 
needs  of  each  procurement.  Herein  lies  the  heart  of  the 
MA’s  role  in  the  system  safety  effort — to  evaluate  each 
project  and  select  the  appropriate  tasks  for  incorporation 
to  contractual  document.  Once  this  is  accomplished,  the 
MA’s  must  monitor  and  assist  the  efforts  of  the  contractor 
in  adhering  to  the  established  System  Safety  Plan. 


I.  SYSTEM  SAFETY  REQUIREMENTS  AND  PRECEDENCE 

In  order  to  properly  evaluate  projects  and  accurately 
select  appropriate  tasks  elements,  the  MA  must  first 
understand  the  basic  requirements  and  precedence  laid  down 
by  the  military  standard.  To  this  end  a  brief  summary  of 
the  major  elements  is  provided  belowi 

(1)  The  contractor  shall  establish  and  maintain  an 
effective  and  efficient  system  safety  program.  A 
statement  to  this  effect  must  be  included  in  the  SOW 
and  CDRL. 

(2)  Safety,  consistent  with  mission  requirements,  is  to 
be  designed  into  the  system  in  a  cost  effective 
manner.  Hazards  are  to  be  identified,  evaluated  and 
eliminated  or  reduced  to  a  level  acceptable  to  the 
MA. 

(3)  Prior  to  system  design,  all  applicable  standards, 
specifications,  regulations,  historical  data  and 
lessons  learned  shall  be  reviewed  for  guidance. 
During  the  project,  thorough  documentation  of  all 
hazards  shall  be  maintained  and  significant  safety 
data  should  be  documented  and  submitted  as  lessons 
1  earned. 


(3)  Fault  Hazard  Analysis  <FHA)  -  Similar  to  an  FMEA, 
but  includes  consideration  of  human  error,  pro¬ 
cedural  deficiencies,  environmental  conditions  and 
other  events  that  might  cause  "normal"  operations  at 
an  undesired  time  and  result  in  a  hazardous 
condition. 

(4)  Fault  Tree  Analysis  (FTA)  -  A  top-down  evaluation 
technique  which  begins  with  an  undesired  event  and 
proceeds  through  the  system  to  identify  the  event  or 
combination  of  events  which  would  have  to  occur  to 
cause  the  undesired  event. 

<5)  Hazard  Action  Report  (HAR)  -  A  report  which 
identifies  an  existing  hazard,  the  probability  and 
criteria  for  its  elimination  or  control,  a  history 
of  action  taken  and  verification  that  the  criteria 
has  been  met. 

(6)  Initiating  hazard  -  A  hazard  or  event  which  triggers 
a  sequence  of  hazardous  events. 

(7)  Primary  hazard  -  A  hazard  which  directly  and 
Immediately  causes  injury,  death,  damage,  loss  of 
equipment,  degradation  of  capabilities,  or  loss  of 
material . 

(8)  Sneak  Circuit  Analysis  -  A  computer  aided  process 
for  examinination  of  software  and  hardware  to 
identify  latent  <sneak>  circuits  and  conditions 
which  inhibit  desired  functions  or  cause  undeslred 
functions  without  a  component  failure. 


H.  MILITARY  STANDARD  882B 

Military  Standard  8B2B  provides  "uniform  requirements 
for  developing  and  implementing  a  system  safety  program  of 
sufficient  comprehensiveness  to  identify  the  hazards  to  a 
system  and  to  impose  design  requirements  and  management 
controls  to  prevent  mishaps  by  eliminating  hazards  or 
reducing  associated  risk  to  a  level  acceptable  to  the 
managing  activity  <MA>".  While  MIL  STD  882B,  in  many 
respects,  is  very  similar  to  its  predecessor,  it  goes 
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(4)  Hazard  Identification,  Categorization,  and  Evaluation 
-  Tha  hazard  analysis  will  laad  to  tha 
identification  of  system  hazards,  which  must  than  ba 
catagorizad  as  to  potantial  dang ar  and  the 
probability  of  thair  occurranca.  Using  this 
information,  caraful  avaluation  must  taka  placa  to 
datarmine  which  hazards  raquira  design  changes  due 
to  either  thair  severity  or  frequency  of  occurrence 
or  a  combination  of  tha  two. 

(9)  Action  to  Eliminate  or  Control  Hazards  -  The  old 
cliche  "actions  speak  louder  than  words"  applies 
here.  All  tha  analysis  and  evaluation  serves  no 
purpose  if  the  appropriate  corrective  action  is  not 
taken.  Measures  must  be  taken  to  track  every  hazard 
until  it  is  closed-out  as  directed. 

(6)  Modification  of  System  Elements  -  The  above  steps 
are  iterative  in  nature.  Once  a  modification  is 
made,  a  re-evaluation  must  be  done  to  see  if-  the 
hazards  were  corrected  or  if  any  new  hazards  were 
introduced. 

(7)  Effectiveness  Evaluation  -  Included  in  this  area  are 
Mishap  Analysis  and  System  Test  and  Demonstration. 
This  is  done  to  verify  the  mission  and  cost 
effectiveness  of  the  modifications.  The  question 
that  must  be  answered  is  "Does  the  system  still  meet 
design  specifications  with  the  incorporated  changes 
and  have  these  changes  eliminated  or  controlled  the 
known  hazards?" 

(8)  Increased  Safety  Assurance  and  Re-application  -  The 
resulting  system  is  safer  while  still  meeting  the 
mission  requirements  and  the  lessons  learned  are 
utilized  for  future  systems. 


6.  SYSTEM  SAFETY  DEFINITIONS 

The  following  definitions  in  conjunction  with  those 
provided  in  para  3.1  of  MIL  STD  062B  are  terms  wi~th  which 
one  must  be  familiar  when  working  in  System  Safety* 

(1)  Contributing  hazard  -  A  condition  which  aides  in  the 
fulfillment  of  a  hazardous  event. 

(2)  Failure  Mode  and  Effects  Analysis  (FMEA)  -  A  qual¬ 
itative  technique  which  evaluates  the  effects  of 
various  failure  modes  on  the  safety  of  the  system. 


19 


1: 

t 

.  .i 


i- 

•v 


%■ 

t 


:kkaki 


block.  While  the  dollars  expended  on  a  safety  effort  is  a 
quantifiable  figure,  the  benefits  reaped  from  the  effort 
are  not.  Estimates  of  systems  and  lives  saved  by  a  safety 
program  are  just  that — estimates  for  which  no  tangible 
dollar  savings  can  be  shown.  While  the  cost  effectiveness 
is  difficult  to  show  and  impossible  to  prove,  it  is  the 
Program  Manager's  jab  to  ensure  that  System  Safety  is  given 
careful  attention  and  adequate  funding. 


F.  THE  SYSTEM  SAFETY  PROCESS 

The  System  Safety  Process  is  simply  the  logical 
application  of  the  System  Engineering  approach  to  obtain 
the  desired  System  Safety  objectives.  The  primary  elements 
of  this  process  are  as  follows* 

(1)  Lessons  Learned  -  Probably  the  greatest  proof  for 
the  necessity  of  a  strong  System  Safety  program  are 
the  multitude  of  accident  and  mishap  reports. 
Analysis  of  these  reports  have  shown  that  a  great 
percentage  of  incidents  are  the  result  of  a  design 
flaw  that  could  have  been  eliminated  if  safety  had 
been  given  its  just  place  in  the  design  process. 
Use  these  reports  to  prevent  the  same  design  flaws 
in  new  projects  and  whenever  practical  ,  utilize 
systems  and  subsystems  with  proven  track  records. 

<2>  System  Specifications  -  Precise  definition  of  the 
system  and  its  bounds,  being  careful  to  Include 
all  required  maintenance  and  support  facilities 
and/or  equipment  and  the  anticipated  operating 
environments. 

(3)  Sy  ^.em  Hazard  Analysis  -  This  is  an  evaluation  of 
the  complete  system  to  uncover  any  design  features, 
system  components,  or  any  system  interfaces  that 
might  lead  to  or  create  a  hazard.  Fault  tree 
analysis  <FTA>  and  failure  mode  ar .  effects  analysis 
(FMEA)  are  often  used  for  this  purpose. 
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into  a  system  could  reduce  life  cycle  coats  and  incrsass 
ths  system's  reliability.  "Fly  it  -  -fix  it  -  -fly  it“ 
became  "identify  -  analyzs  -  eliminate". 

Initial  ef -forts  to  emphasize  8ystem  Safety  rssultsd  in 
various  instructions  and  dirsetivss  being  issusd  by  sach  o-f 
tha  services.  It  soon,  however,  became  apparent  that  a 
standardized  approach  applicable  to  all  the  services  and 
all  varieties  of  procurement  was  required.  To  this  end, 
MIL  STD  882  and  its  subsequent  revisions  were  written. 
This  standard  made  the  developement  of  a  System  Safety 
program  a  requirement  and  defined  the  roles  of  the  Program 
Manager  and  the  contractor  in  implementing  the  program. 

E.  SYSTEM  SAFETY  PROGRAM  PLANNING  AND  COSTS 

A  System  Safety  Program  is  a  formal  program  with 
definitive  steps  to  ensure  that  safety  is  designed  into 
systems,  subsystems,  and  support  equipment.  It  is  to  be 
set  forth  in  the  Statement  of  Work  (SON)  of  the  Request  for 
Proposal  (RFP)  and  in  the  Contract  Data  Requirements  List 
(CDRL) .  In  general,  it  specifies  procedures,  standards, 
and  testing  requirements  for  the  stated  purpose  of  identi¬ 
fying  and  eliminating  or  controlling  safety  hazards.  In 
that  it  is  a  part  of  the  SOW  and  requires  the  expenditure 
of  manpower  and  material  assets,  its  cost  must  be  included 
in  that  project  budget.  This  is  where  far  too  many  safety 
efforts  meet  their  untimely  demise— at  the  budget  chopping 
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measures  may  ba  takan  to  &iminate  the  hazards  prior  to 
raachlng  final  daslgn  daciaions.  Tha  aarliar  an  unaceept- 
abla  hazard  is  idantifiad  and  aiiainatad  or  controllad,  tha 
laas  tha  nagativa  impact  on  tha  project  and  tha  laaa  tha 
li kali hood  of  a  coatly  ratrofit. 

D.  DEVELOPMENT  OF  SYSTEM  SAFETY 

In  tha  past,  whan  systams  wire  relatively  inaxpanaiva 
and  raw  materials  ware  plentiful.  System  Safety  was  an  ad 
hoc  methodology.  Little  effort  was  mada  to  design  safety 
into  systems  except  to  eliminate  obvious  hazards  or  those 
hazards  known  to  exist  from  previous  axparianca.  Onca 
operational,  the  "fly  it  -fix  it  -  fly  it"  method  was 
utilized.  Any  identified  hazard  was  eliminated  through 
retrofit  or  judged  to  ba  low  risk  items  not  requiring 
ratrofit.  In  either  case,  tha  weight  and/or  cost  penalty 
was  considered  acceptable.  It  simply  wasn't  cost  affective 
to  make  System  Safety  a  major  design  consideration. 

As  system  complexity  grew,  the  role  of  System  Safety 
gradually  changed  to  what  it  is  today.  Systems  were  no 
longer  inexpensive  or  easy  to  manufacture,  the  design 
process  became  more  sensitive  to  changes,  and  size/weight 
tolerances  became  more  critical.  It  was  no  longer  feasible 
to  wait  for  hazards  to  appear  in  the  operational  phase  be¬ 
cause  system  replacement  and  retrofit  costs  had  grown  as¬ 
tronomically.  It  soon  became  evident  that  designing  safety 
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equipped  to  accurately  estimate  the  complexity  of  tha 
system  aafaty  affort  ralatad  to  a  givan  project  and  then  ba 
able  affectively  apply  MIL  STD  882B  to  tha  management  of 
that  project. 

B.  SYSTEM  SAFETY  --  WHAT  IS  IT? 

MIL  STD  882B  define*  System  Safety  as  "tha  application 
of  engineering  and  management  principles*  criteria,  and 
techniques  to  optimize  safety  within  the  constraints  of 
operational  effectiveness,  time,  and  cost  throughout  all 
phases  of  the  system  life  cycle."  Notice  specifically  the 
references  to  “optimize"  and  to  “constraints".  System 
Safety  is  not  to  be  feared  as  an  all  consuming  monster, 
blind  to  the  limitations  of  one's  particular  project.  It 
must  be  considered  as  one  of  the  elements  to  be  optimized 
along  with  many  others.  Also  take  note  that  it  applies  to 
"all  phases  of  the  system  life  cycle".  While  safety  has 
always  been  a  consideration  in  any  new  procurement  or 
design  process,  its  primary  emphasis  has  always  been 
affixed  to  the  operational  phase  of  the  life  cycle.  Now, 
however,  it  extends  throughout  the  design,  operation,  and 
disposal  of  the  system. 

C.  THE  FUNCTION  OF  SYSTEM  SAFETY 

The  primary  function  of  System  Safety  is  the  early 
identification  and  classification  of  hazards  in  order  that 


APPENDIX  A 


A  FR06RAM  MANAGERS  INTRODUCTION  TO 
SYSTEM  SAFETY  AND  MILITARY  STANDARD  8B2B 

A.  INTRODUCTION 

This  manual  ia  not  designed  to  antwar  avtry  question  on 
the  topic  o-f  Sy-tem  Safety  Enginaaring.  It  endeavors, 
however,  to  impart  an  insight  into  Systam  Safaty  and  tha 
importance  if  plays  in  tha  procuramant  procass.  Addition¬ 
ally,  practical  guidanca  and  logical  considarations  for  tha 
application  of  Military  Standard  882B  to  waapon  systam 
procuamants  is  providad.  To  achiava  this  and,  first  tha 
ganaral  principlas  and  fundamantals  of  systam  safaty 
enginaaring  ara  prasantad.  Sacondly,  specific  areas  of  MIL 
STD  882B  ara  highlighted,  and  lastly,  to  assist  in  tha 
actual  implementation  of  MIL  STD  882B,  it  is  applied  to 
three  separata  waapon  systam  procurements* 

(1)  Procurement  of  a  major  waapon  system  (a  new 
aircraf t ) . 

(2)  Procuramant  of  a  minor  waapon  system 
(a  remotely  piloted  aircraft). 

(3)  Procurement  of  a  modi fi cat ion/ addendum  to  a 
waapon  systam  <an  radar  upgrade  for  an 

i n-sar vi ca  ai rcr af  t ) . 

Tha  above  projects  vary  greatly  in  their  scope  and 
complexity  and  each  requires  a  systam  safaty  effort 
tailored  specifically  to  meat  its  individual  needs.  With 
tha  aid  of  this  manual,  one  should  have  a  clearer 
understanding  of  tha  system  safety  procass  and  be  batter 
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IV.  CONCLUSIONS 


System  Safety  is  an  essantial  alamant  in  the 
acquisition  of  the  waapon  systems  required  for  the  defense 
of  our  nation.  It  is  therefore  paramount  that  anyone  in 
position  to  exarcisa  control  over  the  implementation  of  NIL 
STD  882B  (usually  the  Program  Nanagar)  fully  undarstand  tha 
importanca  of  system  safety  to  tha  acquistion  process. 

This  handbook  is  an  initial  attempt  to  aid  the  program 
manager  in  the  management  of  the  system  safety  aspects  of 
tha  program.  It  is  not  designed  to  be  a  definitive 
reference  to  answer  every  relevant  question  on  the  subject. 
Hopefully,  however,  it  should  better  equip  the  Program 
Manager  to  accurately  estimate  the  complexity  of  the  system 
safety  effort  and  to  effectively  apply  MIL  STD  B82B  to  the 
management  of  any  given  project. 

To  ensure  that  the  above  has  been  accomplished  without 
any  serious  omissions  or  errors,  it  is  strongly  recommended 
that  the  handbook  be  reviewed  by  appropriate  agencies  prior 
to  full  distribution. 


project.  It  must  be  understood  that  this  is  only  a 
"baseline  selection"  and  that  it  must  be  molded  to  the 
project  at  hand  after  careful  consideration  of  all 
available  information. 

Ideally,  with  the  aid  of  this  simple  manual,  program 
managers  should  have  a  clearer  understanding  of  the  system 
safety  process  and  how  to  effectively  apply  MIL  STD  882B  to 
the  management  of  any  project  under  their  cognizance.  It 
should  be  noted  that  even  though  discussions  are  limited  to 
weapon  system  acquisitions,  the  same  fundamental  principles 


apply  to  facilities  acquisitions. 


III.  METHODOLOGY 


The  basic  premise  in  preparing  this  handbook  was  to 
keep  it  simple  and  usable,  not  just  another  huge  volume 
■filled  with  fact  after  fact  that  is  read  once,  if  that,  and 
then  due  to  its  appalling  nature,  stuck  away  and  never  seen 
again.  This  handbook  was  to  be  a  basic  reference  which 
could  be  keep  at  the  program  managers  desk  and  repeatedly 
used  to  in  his  system  safety  endeavors.  Accordingly,  a 
limit  of  30  pages  was  established.  Within  these  pages, 
there  was  to  be  sufficient  material  to  provide  a  sound 
introduction  to  the  concepts  of  System  Safety  and  to 
provide  practical  guidance  for  the  implementation  of  MIL 
STD  882B. 

The  handbook  first  endeavors  to  impart  an  insight  into 
the  importance  of  System  Safety  in  the  procurement  process 
and  then  present  the  general  principles  and  fundamentals  of 
system  safety.  Once  this  is  accomplished,  practical 
guidance  and  logical  considerations  in  the  implementation 
of  MIL  STD  882B  are  presented.  Here  specific  elements  of 
the  standard  are  highlighted  and  then  the  standard  is 
applied  to  three  distinct  weapon  system  acquisitions  to 
obtain  a  baseline  selection  of  system  safety  tasks.  To  aid 
in  the  selection  process,  a  "Task  Element  Applicability 
Checklist"  is  provided.  With  the  aid  of  this  checklist, 
program  managers  can  accurately  make  a  baseline  selection 
of  tasks  to  include  in  the  system  safety  program  for  their 
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thi*  phase  that  the  system  safety  effort  ts  the  most 
intensive. 

Much  of  the  system  safety  effort  will  involve 
conducting  numerous  hazards  analyses,  such  as  the  System 
Hazard  Analysis  (SHA) ,  the  Subsystem  Hazard  Analysis 
(SSHA) ,  etc.  Each  of  these  analyses  is  designed  to  verify 
that  system  safety  is  achieved  in  a  particular  area  of 
interest.  Once  these  analyses  have  been  completed, 
measures  must  be  taken  to  ensure  that  the  hazards  are 
properly  rectified.  This  is  accomplished  by  the 
impli mentation  of  a  hazard  tracking  scheme  which  follows  a 
hazard  from  discovery  and  documentation  to  ultimate 
reconci 1 i at ion. 

Test  and  evaluation  procedures  are  to  be  reviewed  from 
a  system  safety  aspect  to  ensure  that  no  hazards  are 
introduced  by  test  procedures.  Additionally,  training 
plans,  logistics  and  support  plans,  etc,  must  be  reviewed 
for  safety  considerations,  and  an  advance  look  at  the 
projected  production  process  and  operations  should  be 
conducted. 

Finally,  and  most  importantly,  it  must  be  verified  that 
what  has  been  learned  in  this  phase  is  added  to  the 
requirements  documents  (80W,  Specs,  etc)  to  ensure 
inclusion  in  the  following  phases.  The  bottom  line  is  to 
ensure  that  system  safety  objectives  are  achieved  while 
still  meeting  design  requirements  and  specifications  and 


keeping  within  cost  restraints.  This  is  easy  to  say,  out 
mors  often  than  not,  vsry  difficult  to  accomplish. 

N.  FULL  SCALE  DEVELOPEMENT 

Hsrs  the  transf  or  mat  i  on  of  validated  designs  into  full 
scale  production  occurs.  This  is  followed  by  rigorous 
testing  and  analysis  to  ensure  that  the  design  lives  up  to 
eKpectations.  System  safety’s  role,  for  the  most  part,  is 
a  continuation  of  efforts  started  in  the  previous  phase. 

First  the  SSPP  is  reviewed  and  updated.  If  multiple 
subcontractors  are  involved,  an  Integrated  System  Safety 
Program  Plan  (I SSPP)  is  usually  advisable.  The  I SSPP  is 
designed  to  coordinate  the  system  safety  efforts  of  the 
subcontractors  with  those  of  the  primary  contractor. 
Engineering  designs  must  be  reviewed  to  ensure  incorpora¬ 
tion  of  safety  requirements  and  that  hazards  previously 
identified  have  been  corrected.  All  the  various  hazard 
analyses  may  require  updating  in  as  ach  as  nere  will  be 
the  first  chance  to  analyze  the  actual  hardware  and 
software  items  and  to  see  actual  full  system  interface. 

All  tests  conducted  during  this  phase  must  be  reviewed 
to  ensure  that  no  further  hazards  have  developed  and  that 
the  system  is  indeed  ready  for  production.  Additionally,  a 
look  ahead  at  the  production  facilities  should  be  made  to 
verify  that  they  are  ready  to  safely  handle  ne  forthcoming 
tasks.  Finally,  the  system  safety  effort  in  this  phase 
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must  be  documented  and  the  program  should  bs  tall  or  sc:  for 
ths  producti on/depl oymsnt  phase. 

O.  PRODUCTION  AND  DEPLOYMENT  PHASE 

Ths  primary  system  safety  objective  of  this  phase  is  to 
ensure  that  the  system  is  produced  in  accordance  with  the 
approved  specifications  and  designs  and  that,  after 
post-production  tests,  it  is  deployed  to  the  fleet  for 
operational  use.  To  accomplish  this  task,  first  the  SSPP 
is  updated  to  reflect  the  requirements  of  the  phase. 
Safety  controls  and  inspections  of  the  production  process 
and  operations  must  be  enforced.  Evaluation  of  testing  of 
early  production  hardware/systems  must  be  performed  to 
detect  and  correct  any  additional  safety  hazards.  Various 
Engineering  Change  Proposals  <ECP)  and  Notices  of  Exception 
(NOE)  will  most  likely  be  submitted  and  must  be  reviewed 
for  their  impact  on  system  safety. 

Once  the  system  is  actually  deployed,  fleet  use 
invariably  defines  new,  unexpected  hazardous  modes  of 
operation  and  new  procedures.  NOE's  and  ECP’s  associated 
with  these  findings  must  again  be  evaluated  for  safety 
impact  and  acted  on  accordingly. 

P.  DISPOSAL  PHA8E 


Though  disposal  of  newly  developed  systems  is  not 
usually  an  immediate  worry,  the  system  safety  effort  is  not 


comp lata  until  thia  phase  is  conaidarad.  Tha  SSPP  ahould 
contain  proviaiona  for  tha  aafa  diapoaal  of  tha  system  and 
any  of  ita  componanta  which  might  praaant  potential  haz- 
ar da.  Items  to  conaidar  are  haalth  hazards,  contamination, 
recyclability,  etc. 

Q.  SELECTION  OF  TASK  ELEMENTS 

Ae  previously  stated,  the  heart  of  the  ayatam  safety 
effort  for  tha  MA  is  tha  selection  of  tha  task  elements 
which  will  meat  tha  program  safety  requirements  in  a  coat 
effective  manner.  Once  selected,  these  tasks  are  then 
included  in  the  SOW  and  will  specify  the  contractual  system 
safety  requirements  for  the  program.  In  order  to  properly 
select  the  appropriate  tasks  for  a  given  project,  the  MA 
must  have  a  clear  understanding  of  the  system  requirements, 
specifications,  program  phases,  and  the  safety  requirements 
identified  by  higher  authorities.  Once  this  is  well  in 
hand,  tailoring  of  MIL  STD  882  system  safety  tasks  may 
commence. 

To  aid  in  the  task  selection/tailoring  process,  MIL  STD 
882B  has  provided  Tables  1  and  2  and  Section  SO  to  Appendix 
A  for  general  guidance.  The  material  presented  therein,  is 
summarized  and/or  expanded  in  the  following  "Task  Element 
Applicability  Checklist"  (TEACL)  in  a  manner  designed  for 
clarity  and  quick  reference.  After  a  brief  description  of 
a  task,  the  TEACL  will  specify  the  usual  program/life  cycle 


phase*  of  applicability  and  then  present  specific  points  to 
assist  in  determining  if  the  task  is  required/desired. 
Utilization  of  this  checklist  format  will  enable  the  MA  to 
determine  a  baseline  selection  of  system  safety  task 
requirements  which  can  then  be  weighed  against  project 
requirements  and  cost  constraints.  Remember,  however,  that 
a  hasty  elimination  of  task  elements  might  well  result  in 
future  design  flaws  and  ultimately  greater  expenditures  of 
both  time  and  money. 

R.  TASK  ELEMENT  APPLICABILITY  CHECKLIST 

TASK  100  (System  Safety  Program)  -  Requires  the 
contractor  to  implement  a  system  safety  program. 

....  -  REQUIRED  whenever  MIL  STD  B82B  is  imposed. 

TASK  101  (System  Safety  Program  Plan)  -  Requires  that  a 
SSPP  be  developed  which  will  serve  as  the  basis  of 
understanding  between  the  contractor  and  MA  on  how  the 
system  safety  requirements  will  be  achieved. 

....  -  Applicable  to  all  phases. 

....  -  Highly  recommended  for  all  MIL  STD  882B 
procurements. 

TASK  102  (Integration/Management  of  Associate 
Contractors,  Subcontractors,  Architect  and  Engineering 


Firm*)  -  Provides  the  primary  cant"- actor  and  MA  with  a 
mtana  of  ••tablishing  and  maintaining  an  integrated  system 
safety  effort  with  othar  contractor*  on  a  project.  Tha 
ISSPP  is  tha  baais  of  this  integration. 

....  -  Applicable  to  all  phases. 

....  -  Generally  needed  only  on  major  systems  where 
numerous  contractors  are  involved. 

TASK  103  (System  Safety  Program  Reviews)  -  This  task 
requires  the  contractor  to  periodically  report  on  the 
status  of  the  system  safety  program  to  the  MA.  This  is  in 
addition  to  safety  activities  at  milestone  design  review*. 
....  -  Applicable  to  all  phases. 

....  -  Recommended  for  early  phases  of  most  projects. 

(Frequency  of  reviews  vary  with  project  and/or 
system  complexity.) 

....  -  May  be  needed  to  meet  requirements  for  munition 

safety  boards,  first  flight  readiness  reviews,  etc. 

TASK  104  (System  Safety  Group/System  Safety  Working 
Group)  -  The  group  assists  the  MA  in  the  management  of  the 
system  safety  program. 

....  -  Applicable  to  all  phases. 

....  -  Generally  required  by  service  regulations  for  all 


major  roject* 


TASK  103  (Hazard  Tracking  and  Ri«k  Resolution)  -  A 
procedural  method  to  document  and  -follow  all  identified 
hazards  until  ultimate  resolution. 

....  -  Applicable  to  all  phases. 

....  -  Critical  to  most  projects  to  ensure  proper 
disposition  of  all  hazards. 

TASK  106  (Test  and  Evaluation  Safety)  -  The  purpose  of 
this  task  is  to  ensure  that  additional  specific  attention 
is  given  safety  in  the  test  and  evaluation  process. 

....  -  Applicable  primarily  to  the  Conceptual  and 
Demonstrati  on /Validation  Phases. 

....  -  Recommended  for  all  major  weapon  systems  and  for 
minor  systems  where  hazards  to  life  are  evident. 

TASK  107  (System  Safety  Progress  Summary)  -  This  task 
requires  the  preparation  of  periodic  reports  on  the  status 
of  the  system  safety  effort. 

....  -  Applicable  to  all  phases. 

. . . .  -  Recommended  for  major  projects  and  a  good  option 
for  all  projects  if  funding  permits. 

TASK  108  (Qualification  of  Key  Contractor  System  Safety 
Engineers/Managers. >  -  Establishs  qualifications  for 

contractor  system  safety  personnel. 

....  -  Applicable  to  all  phases. 


....  -  Generally  selected  only  for  major  projects  but 
usually  not  nscsssary  sines  contractors  will 
normally  sslsct  wall  qualified  personnel  to 
protect  their  own  interests. 

TASK  201  (Preliminary  Hazard  List)  -  Requires  the 
compilation  of  a  preliminary  list  of  potential  hazards 
which  will  enable  the  MA  to  better  direct  emphasis  in  the 
system  safety  program. 

....  -  Applicable  only  to  the  early  Conceptual  Phase. 

....  -  Recommended  for  any  project  to  get  an  early 
indication  of  inherent  safety  design  flaws. 

TASK  202  (Preliminary  Hazard  Analysis)  -  Requires 
performing  and  documenting  a  PHA  to  establish  an  initial 
risk  assessment  of  the  concept  or  system.  It  will  examine 
alternate  methods  to  reduce  safety  hazards  while  still 
meeting  specif i cations/requirements. 

....  -  Primarily  applicable  to  earlier  phases. 

....  -  Recommended  for  all  projects. 

TASK  203  (Subsystem  Hazard  Analysis)  -  Requires  in 
depth  analysis  of  safety  hazards  associated  with  the  design 
of  each  subsystem. 

....  -  Primarily  applicable  to  Demonstration/Validation 
and  Full  Scale  Development  Phases. 
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....  -  Recommended  for  projects  where  multiple  major 
subsystems  are  involved. 

TASK  204  (System  Hazard  Analysis)  -  Requires 
performance  of  a  SHA  which  examines  the  interface  of  all 
subsystems  in  the  operation  of  the  system  and  how  the 
failure  modes  affect  the  overall  safety  of  the  system. 

....  -  Primarily  applicable  to  Demonstration/Validation 
and  Full  Scale  Development  Phases  and  to  lesser 
extent  design  changes  in  the  Production  and 
Deployment  Phase. 

....  -  Recommended  for  projects  of  all  levels,  since  even 
for  a  modification/addendum,  a  thorough  SHA  is 
advisable  to  ensure  no  safety  hazards  have  been 
introduced. 

TASK  203  (Operating  and  Support  Hazard  Assessment) 
This  task  requires  analysis  of  hazards  associated  with  the 
environment,  personnel,  procedures  and  equipment. 

....  -  Applicable  to  all  but  Conceptual  Phase. 

....  -  Recommended  for  all  major  or  minor  projects  with 
significant  personnel  interf ace/support  require 
ments  or  extreme  environmental  conditions. 

TASK  206  (Occupational  Health  Assessment)  -  This  task 
performance  documents  health  hazards  associated  with  a 
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system  and  recommends  protactiva  maasaras  to  raduca  the 
risk  to  an  accaptable  leval. 

....  -  Applicable  to  all  phases. 

....  -  Recommended  whan  toxic  materials  or  physical 

agents  (cold,  heat,  noise,  radiation,  etc)  are 
involved. 

TASK  207  (Safety  Verification)  -  Requires  that 
test /demonstrations  be  performed  to  verify  compliance  with 
safety  requirements  for  safety  critical  items. 

....  -  Applicable  to  Demonstration/Val i dati on  and 
and  Full  Scale  Development  Phases. 

....  -  Required  when  system  specif ication/requirements 
and/or  regul ations/standards  state  that  specific 
safety  guidelines  be  met. 

TASK  20S  (Training)  -  Requires  certification  and 
training  of  personnel  involved  in  the  development,  test, 
and  operation  of  the  system. 

....  -  Applicable  to  all  but  Conceptual  Phase. 

....  -  Generally  not  needed  when  dealing  with  established 
governmental  contractors. 

TASK  209  (Safety  Assessment)  -  This  task  requires  the 
contractor  to  document  any  residual  safety  problems  and 
special  control s/procedures  associated  with  the  system. 


....  -  Generally  applicable  to  any  phase. 

....  -  Recommended  -for  most  projects.  (If  funding 

constraints  require,  this  can  be  eliminated  for 
minor  projects.  Though  the  information  provided 
is  generally  available  elsewhere,  this  can  be 
a  single  source  of  critical  safety  inf ormation. ) 

TASK  210  (Safety  Compliance  Assessment )  -  Requires 
documentation  of  compliance  with  contractually  imposed  reg¬ 
ulation,  standards  and  laws  to  ensure  safe  system  design. 
....  -  Generally  applicable  to  all  phases. 

....  -  Recommended  for  all  major  programs  and  required 
for  any  program  where  regulations  apply. 

....  -  For  low  safety  risk  minor  programs  and/or  modifica¬ 
tion/addendums,  it  may  be  the  only  safety  analysis. 

TASK  211  (Safety  Review  of  ECP’s  and  Request  for 
Devi  at i on/Waivers)  -  Requires  documented  analysis  of  ECP’s 
and  Requests  for  Devi  at ion /Waiver. 

....  -  Applicable  to  all  but  Conceptual  Phase. 

....  -  Recommended  for  all  major /minor  weapon  system 
procurements. 

TASK  212  (Software  Hazard  Analysis)  -  Requires  analysis 
of  software  to  ensure  that  safety  hazards  are  not 
inadvertantly  introduced  by  software  interaction. 


....  -  Applicable  to  all  but  Conceptual  Phaee. 

....  -  Recommended  -for  any  procurement  in  which  critical 
eyeteme/eubeyeteme  are  software  controlled. 

TASK  213  (GFE/GFP  System  Safety  Analysis)  -  Requires 
that  GFE/GFP  items  are  considered  in  a  sa-fety  analysis. 

....  -  Applicable  to  all  but  Conceptual  Phase. 

....  -  Recommended  only  when  GFE/GFP  items  interface 

directly  with  new  contractor  developed  hardware 
or  software  in  a  new  system. 

S.  APPLICATIONS  OF  MIL  STD  882B 

In  the  following  three  sections,  the  MIL  STD  882B  is 
applied  to  three  distinct  weapon  system  acquisitions  in 
order  to  demonstrate  its  application  at  various  levels  of 
system  complexity  and  fiscal  expenditure.  In  each  case, 
the  nature  of  the  acquisition  is  described  and  then  some  of 
the  considerations  in  the  application  of  the  military 
standard  are  weighed.  Next,  though  not  discussed  in 
detail,  the  TEACL  has  been  utilized  to  make  a  baseline 
selection  of  MIL  STD  882B  task  elements  for  inclusion  into 
a  comprehensive  system  safety  program.  The  results  of  this 
baseline  selection  are  summarized  in  Table  I.  It  is 
important  to  remember  that  this  is  only  a  baseline 
selection  to  put  the  MA  over  the  first  hurdle.  After  this 
selection  is  made,  the  MA  must  painstakingly  weigh  the 
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individual 


myriad  of  f actors/constraints  affecting  each 
project  to  develop  a  system  safety  program  that  is  suited 
to  the  project  at  hand. 

T.  MAJOR  WEAPON  SYSTEM  APPLICATION 

Here  MIL  STD  882B  is  applied  to  the  acquisition  o-f  a 
replacement  -for  the  F/A-1B  Hornet,  an  all  weather  fighter 
and  attack  aircraft.  Examining  the  operating  environment 
and  aircraft  missions  several  items  are  evident  which  will 
aid  in  task  selection.  Its  primary  operational  environment 
will  be  off  a  carrier  with  all  the  associated  hazards.  It 
will  have  guns  and  carry  an  assortment  of  air-to-air  and 
air — to-surface  weapons.  Its  radar  and  avionics  suite  will 
be  highly  software  dependent,  as  most  likely  will  be  the 
flight  control  system.  It  will  be  a  massive  project  with 
numerous  sub/associ ate  contractors.  As  Table  I  shows,  any 
acquisition  of  this  magnitude  mandates  an  extensive  system 
safety  effort.  Failure  to  identify  and  correct  safety 
hazards  during  development  may  result  in  loss  of  lives  and 
valuable  aircraft,  high  retrofit  expenditures  and  possibly 
affect  national  security.  Items  selected  here  for  a 
baseline  should,  except  under  extreme  funding  limitations, 
make  up  the  final  task  selection  package. 
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U.  MINOR  WEAPON  SYSTEM  APPLICATION 


Here  the  military  standard  is  applied  to  the 
acquisition  of  100  remotely  piloted  vehicle/aircraf t  (RPV). 
They  will  be  used  for  battlefield  surveillance  by  the 
Marines  and  will  be  launched  and  recovered  at  remote 
airstrips.  Additionally,  it  is  anticipated  that 
hot-refueling  will  often  be  required  to  support  ground 
operations.  It  will  be  assumed  that  the  decision  has  been 
made  to  cut  cost  by  purchasing  a  commercially  available 
aircraft  and  add  surveillance,  communications,  and  control 
equipment.  Additionally,  much  of  the  equipment  to  be 
installed  will  be  of f — the-shel f /GFE  items.  The  greatest 
chance  of  hazards  to  life  will  be  from  loss  of  RPV  control 
and  from  hot -ref uel i ng  accidents.  Since  the  aircraft  and 
much  of  the  necessary  equipment  will  already  be  proven,  it 
will  be  necessary  to  develop  the  control  system  and 
software,  test  them  separately  and  then  test  the  integrated 
system. 

While  the  above  program  is  far  less  complex  than  the 
previous  one,  the  system  safety  effort,  though  reduced,  is 
still  substantia*.  As  shown  in  Table  I,  with  the  exception 
of  the  SSHA,  most  of  the  same  engineering  analyses  and  task 
should  still  be  conducted.  The  greatest  change  is  in  the 
management  tasks  where  significant  reduction  has  occured. 
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V.  MODIFICATION/ADDENDUM  APPLICATION 


Here  MIL  STD  882B  is  applisd  to  ths  development  and 
retrofit  of  an  advanced  radar  system  for  an  in-service 
aircraft.  The  upgrade  has  been  required  to  keep  pace  with 
a  newly  developed  air — to-air  missile  who's  range  surpasses 
that  of  the  aircraft's  current  radar.  It  is  clearly 
evident  that  an  effective  system  safety  effort  can  be 
accomplished  with  relatively  minimal  task  imposition  since 
there  is  little  chance  that  this  change  could  induce 
significant  safety  hazards.  The  tasks  selected  are  shown 
in  Table  I.  It  is  important  to  note  that  even  though  only 
a  few  tasks  have  been  selected,  management  has  been 
directed  to  incorporate  system  safety  into  the  system's 
development  (Tasks  100  and  101)  and  that  engineering  is 
required  to  conduct  sufficient  analyses  to  determine  that 
no  new  safety  hazards  have  been  introduced  into  the  current 
aircraft  due  to  this  update. 

W.  NOW  OR  LATER 

This  manual  has  presented  basic  information  and 
provided  guidance  on  the  application  of  System  Safety 
Engineering  and  MIL  STD  882B  to  the  military  weapon  system 
acquisition  process.  Utilizing  the  information  herein,  one 
should  be  better  able  to  effectively  apply  MIL  STD  882B  to 
any  given  program.  Again,  it  is  important  to  realize  that 
no  two  programs  are  alike  and  that  the  baseline  task 
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selection  obtained  with  the  TEACL  is  just  that — a  baseline 
which  must  be  molded  to  the  individual  program. 

Every  program  manager  has  the  responsibi 1 tiy  of 
implementing  a  system  safety  program  for  systems  under  his 
cognizance  and  MIL  STD  8B2B  provides  an  effective  method 
for  doing  just  that.  Although  short  term  costs  are 
incurred,  life  cycle  costs  are  reduced  because  of  fewer 
accidents,  lower  maintenance  down  time,  and  fewer  retrofit 
requirements  and  most  importantly,  lives  will  be  saved. 
The  extent  to  which  these  savings  are  realized  is  directly 
dependent  on  the  program  manager’s  commitment  to  the  system 
safety  program.  Taking  a  phrase  from  an  old  TV  commercial, 
"you  can  pay  me  now,  or  you  can  pay  me  later".  The  prudent 
program  manager  will  do  the  former. 
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